my CLI way

Hot changes in iptables rules content

This method allows you to change the behaviour of your iptables firewall while it is running.

Caution: you can break your own connection with a mistake in the rules.

I invite you to read the iptables man pages for further explanation and more sophisticated rules.
You must have superuser rights to run these commands; use sudo or su, as you prefer.
Example of iptables rules which allow any established or related connection, ICMP requests, all local traffic and finally SSH communication:

First thing to know: the rules apply in order of appearance, and evaluation stops at the first match. So if a rule that rejects SSH connections comes before another rule allowing SSH, then once the reject rule is reached the packet is rejected and never reaches the accept rule.
With that in mind, we can edit the iptables rules.

Notice the number appended after the name of the chain. Since we said we insert the rule at the top, we must insert it before the first one. So, if you want to insert this rule before the third rule, you just have to change this number to 3. Simple, isn't it!

Next, we replace an existing rule. The rule about the http server is pretty wide in what it accepts. Restrict this rule a little more by only allowing a specific network, 192.168.0.0/24:
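To make the ordering and numbering rules concrete, here is an added Python model of the INPUT chain (example code, not from the wiki page, and not a driver for the real iptables binary). It replays the four rules from the page's dump, assumes a fifth wide-open http rule (the page refers to such a rule but does not show it), and builds the equivalent iptables command lines for -I and -R; the packet addresses are constructed test values. It runs offline without root, which is the point: you can see why a REJECT inserted at position 1 shadows the later ACCEPT, where "-I INPUT 3" lands, and what the restricted http rule does to a source outside 192.168.0.0/24.

```python
"""Offline model of how iptables walks the INPUT chain: rules are tried in order,
the first match decides, -I inserts at a 1-based position and -R replaces one
numbered rule. Added example, not the page's code; it never calls iptables."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    target: str                     # -j ACCEPT / DROP / REJECT
    proto: Optional[str] = None     # -p tcp|udp|icmp
    dport: Optional[int] = None     # -m <proto> --dport N
    state: Optional[str] = None     # -m state --state NEW | RELATED,ESTABLISHED
    in_iface: Optional[str] = None  # -i lo
    src: Optional[str] = None       # -s 192.168.0.0/24

    def matches(self, pkt: dict) -> bool:  # every criterion set on the rule must hold
        return ((self.proto is None or pkt["proto"] == self.proto)
                and (self.dport is None or pkt.get("dport") == self.dport)
                and (self.state is None or pkt["state"] in self.state.split(","))
                and (self.in_iface is None or pkt["in_iface"] == self.in_iface)
                and (self.src is None or ip_address(pkt["src"]) in ip_network(self.src)))

    def args(self) -> str:  # the arguments this rule takes on the iptables command line
        parts: List[str] = []
        for flag, value in (("-i", self.in_iface), ("-s", self.src), ("-p", self.proto)):
            if value:
                parts += [flag, value]
        if self.state:
            parts += ["-m", "state", "--state", self.state]
        if self.dport is not None:
            parts += ["-m", self.proto, "--dport", str(self.dport)]
        return " ".join(parts + ["-j", self.target])


@dataclass
class Chain:
    name: str
    policy: str                                    # applies when no rule matches
    rules: List[Rule] = field(default_factory=list)

    def insert(self, rule: Rule, pos: int = 1) -> str:    # iptables -I CHAIN [pos] <rule>
        if not 1 <= pos <= len(self.rules) + 1:    # iptables refuses an index past the end too
            raise IndexError(f"position {pos} out of range for {self.name}")
        self.rules.insert(pos - 1, rule)
        return f"iptables -I {self.name} {pos} {rule.args()}"

    def replace(self, pos: int, rule: Rule) -> str:       # iptables -R CHAIN pos <rule>
        if not 1 <= pos <= len(self.rules):
            raise IndexError(f"no rule number {pos} in {self.name}")
        self.rules[pos - 1] = rule
        return f"iptables -R {self.name} {pos} {rule.args()}"

    def decide(self, pkt: dict) -> str:  # first match wins; policy applies when nothing matches
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy


def build_input_chain() -> Chain:
    """The four rules from the page's dump, plus an assumed wide-open http rule as number 5."""
    return Chain("INPUT", "DROP", [
        Rule("ACCEPT", state="RELATED,ESTABLISHED"),
        Rule("ACCEPT", proto="icmp"),
        Rule("ACCEPT", in_iface="lo"),
        Rule("ACCEPT", proto="tcp", state="NEW", dport=22),
        Rule("ACCEPT", proto="tcp", state="NEW", dport=80),   # assumed, not on the page
    ])


def pkt(dport: int, src: str) -> dict:  # constructed NEW tcp packet on eth0; test addresses only
    return {"proto": "tcp", "state": "NEW", "dport": dport, "in_iface": "eth0", "src": src}


def demo_shadowing() -> Tuple[str, str]:
    """A REJECT inserted at the top shadows the ssh ACCEPT further down the chain."""
    chain = build_input_chain()
    before = chain.decide(pkt(22, "10.0.0.5"))
    chain.insert(Rule("REJECT", proto="tcp", dport=22), 1)
    return before, chain.decide(pkt(22, "10.0.0.5"))


def demo_insert_at_three() -> Tuple[bool, bool, str]:
    """-I INPUT 3 lands before the old third rule, which becomes number 4."""
    chain = build_input_chain()
    old_third = chain.rules[2]
    new = Rule("ACCEPT", proto="udp", dport=53)     # hypothetical rule for the demo
    command = chain.insert(new, 3)
    return chain.rules[2] is new, chain.rules[3] is old_third, command


def demo_restrict_http() -> Tuple[str, str]:
    """-R INPUT 5 narrows http to 192.168.0.0/24; other sources fall to the DROP policy."""
    chain = build_input_chain()
    chain.replace(5, Rule("ACCEPT", proto="tcp", state="NEW", dport=80, src="192.168.0.0/24"))
    return chain.decide(pkt(80, "192.168.0.10")), chain.decide(pkt(80, "203.0.113.7"))
```

Calling demo_shadowing() returns ("ACCEPT", "REJECT"): the same SSH packet is accepted before the insert and rejected afterwards, because the REJECT now sits at rule number 1 and the ACCEPT at number 5 is never reached. demo_insert_at_three() confirms that the new rule is now number 3 and the former third rule has moved to number 4, and returns the command line the model stands for; demo_restrict_http() shows the LAN client accepted and the outside address falling through to the chain's DROP policy. When you run the real commands on a remote host, keep the output of iptables-save from before the change so a mistaken rule can be restored, as the Caution above warns.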

Now, we can imagine automating the startup and stop of iptables based on a dump file that is saved and restored. This mechanism already exists: this is what happens when you start and stop the iptables service. At each stop of the service, it saves the current state of the iptables rule set to a file, and at each start it restores this file.
And this file is:

/etc/sysconfig/iptables for IPv4
/etc/sysconfig/ip6tables for IPv6

So, if you prefer, you can edit this file and restart the iptables service to commit the changes. The format is much the same as the iptables command:

# Generated by iptables-save v1.4.12 on Wed Dec 7 20:22:39 2011
*filter <--------------------------------------------------------- Specifies the table the following rules belong to.
:INPUT DROP [157:36334] <----------------------------------------- These are the three chains of the filter table, each followed by its policy;
:FORWARD ACCEPT [0:0] <------------------------------------------- the numbers between brackets, [<packet-counter>:<byte-counter>], are for
:OUTPUT ACCEPT [48876:76493439] <--------------------------------- debug/information purposes only. Leave them at their current value.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT <--------- A rule:
-A INPUT -p icmp -j ACCEPT <-------------------------------------- simply all the arguments
-A INPUT -i lo -j ACCEPT <---------------------------------------- of an iptables command.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT <---------------------------------------------------------- Needed at the end of each table definition; commits the rules of that table.
# Completed on Wed Dec 7 20:22:39 2011
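Since this file is hand-edited, a small parser that enforces the structure described above is a useful check before restarting the service. The following Python is an added example, not code from the page or from the iptables project: it reads the page's own dump (the arrow annotations removed, embedded as sample input), keeps the counters untouched, insists on a COMMIT at the end of every table and on rules only for chains that the table declares, and can append a rule before COMMIT the way you would by hand.

```python
"""Parser and serializer for the iptables-save format that /etc/sysconfig/iptables
uses. Added example, not the iptables project's own code; it checks the structural
rules the page describes (a *table header, :chain policy lines, -A rules, COMMIT)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Sample input: the page's own dump, with the arrow annotations removed.
SAMPLE_DUMP = """\
# Generated by iptables-save v1.4.12 on Wed Dec 7 20:22:39 2011
*filter
:INPUT DROP [157:36334]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [48876:76493439]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Wed Dec 7 20:22:39 2011
"""


@dataclass
class Table:
    name: str                                                         # filter, nat, mangle, ...
    chains: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # chain -> (policy, "[pkts:bytes]")
    rules: List[Tuple[str, str]] = field(default_factory=list)        # (chain, iptables arguments)
    committed: bool = False


def parse_dump(text: str) -> Dict[str, Table]:
    """Parse iptables-save output; raise ValueError on structural mistakes."""
    tables: Dict[str, Table] = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):            # blank lines and comments carry nothing
            continue
        if line.startswith("*"):                        # *filter: start of a table definition
            if current is not None and not current.committed:
                raise ValueError(f"line {lineno}: table *{current.name} has no COMMIT")
            current = Table(line[1:])
            tables[current.name] = current
        elif current is None:
            raise ValueError(f"line {lineno}: {line!r} appears before any *table line")
        elif current.committed:
            raise ValueError(f"line {lineno}: {line!r} follows the COMMIT of *{current.name}")
        elif line.startswith(":"):                      # :CHAIN POLICY [packets:bytes]
            chain, policy, counters = line[1:].split()
            current.chains[chain] = (policy, counters)
        elif line.startswith("-A "):                    # -A CHAIN <arguments of an iptables command>
            _, chain, args = line.split(" ", 2)
            if chain not in current.chains:             # iptables-save always declares every chain first
                raise ValueError(f"line {lineno}: rule for undeclared chain {chain}")
            current.rules.append((chain, args))
        elif line == "COMMIT":
            current.committed = True
        else:
            raise ValueError(f"line {lineno}: unrecognised line {line!r}")
    if current is not None and not current.committed:
        raise ValueError(f"table *{current.name} has no COMMIT")
    return tables


def serialize(tables: Dict[str, Table]) -> str:
    """Write tables back out in the same format, counters kept as they were."""
    out: List[str] = []
    for table in tables.values():
        out.append(f"*{table.name}")
        out.extend(f":{chain} {policy} {counters}" for chain, (policy, counters) in table.chains.items())
        out.extend(f"-A {chain} {args}" for chain, args in table.rules)
        out.append("COMMIT")
    return "\n".join(out) + "\n"


def add_rule(text: str, table: str, chain: str, args: str) -> str:
    """Append one rule to a chain, i.e. insert it just before that table's COMMIT."""
    tables = parse_dump(text)
    if table not in tables or chain not in tables[table].chains:
        raise ValueError(f"no chain {chain} in table {table}")
    tables[table].rules.append((chain, args))
    return serialize(tables)


def is_rejected(text: str) -> bool:
    """True when the dump fails the structural checks above."""
    try:
        parse_dump(text)
    except ValueError:
        return True
    return False
```

parse_dump(SAMPLE_DUMP)["filter"] holds the three chains with their policies and the four rules; serialize() reproduces a file the iptables service can load, and is_rejected() flags a dump whose COMMIT was lost in editing. One practitioner's note beyond the page: on Fedora and RHEL the service writes /etc/sysconfig/iptables on stop only when IPTABLES_SAVE_ON_STOP=yes is set in /etc/sysconfig/iptables-config (the default is no), so after hot changes run "service iptables save" (or redirect iptables-save into the file) yourself, or the live rules are lost at the next restart.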

TUI/semi graphical

There are two ways to manage iptables rules with a textual interface: setup and system-config-firewall-tui. With the first you need to select 'Firewall configuration' and then edit the rules; the second brings you directly to editing the rules.
So, with setup, select 'Firewall configuration':

[[File:Firewall-tui.PNG|center|700px|setup menu utility]]

On the next screen, we leave Firewall enabled, or enable it if it wasn't. Then we go on to Customize:

[[File:First_menu_firewall_tui.PNG|center|700px|Firewall Configuration by TUI. First screen.]]

There is a high chance that your service is part of the list of trusted services, which is the basic activation of some standard services. Select what is needed and go forward:

GUI
